#VU120066 NULL pointer dereference in Linux kernel - CVE-2025-40360
Published: December 16, 2025
Vulnerability identifier: #VU120066
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2025-40360
CWE-ID: CWE-476
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Linux kernel
Software vendor:
Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the EXPORT_SYMBOL() function in drivers/gpu/drm/drm_gem_atomic_helper.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install the update from the vendor's repository.
External links
- https://git.kernel.org/stable/c/14e02ed3876f4ab0ed6d3f41972175f8b8df3d70
- https://git.kernel.org/stable/c/6abeff03cb79a2c7f4554a8e8738acd35bb37152
- https://git.kernel.org/stable/c/6bdef5648a60e49d4a3b02461ab7ae3776877e77
- https://git.kernel.org/stable/c/b61ed8005bd3102510fab5015ac6a275c9c5ea16
- https://git.kernel.org/stable/c/c4faf7f417eea8b8d5cc570a1015736f307aa2d5
- https://git.kernel.org/stable/c/c7d5e69866bbe95c1e4ab4c10a81e0a02d9ea232